8 matches found

OSV
added 2023/07/26 7:19 p.m., 3 views

DRUPAL-CONTRIB-2023-032

Carefully crafted input by an attacker will not be sanitized by this module, which can result in a script injection...

6.9 AI score
Exploits: 0, References: 1
OSV
added 2023/06/28 5:3 p.m., 2 views

DRUPAL-CONTRIB-2023-024

This module enables you to create dynamic layouts and add sample color palettes for color selection hints via its UI. The module doesn't sufficiently sanitize the module's settings in certain scenarios leading to a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact th...

6.3 AI score
Exploits: 0, References: 1
Drupal
added 2022/02/16 12:0 a.m., 48 views

Drupal core - Moderately critical - Information disclosure - SA-CORE-2022-004

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are not authorized to access. Sites are only affected if the QuickEdit module which comes with the Standard...

6.5 CVSS, 2.5 AI score, 0.00254 EPSS
Exploits: 0, References: 18
Drupal
added 2020/06/03 12:0 a.m., 3 views

Services - Moderately critical - Access bypass - SA-CONTRIB-2020-022

This module provides a standardized solution for building APIs so that external clients can communicate with Drupal. The module's taxonomy term index resource doesn't take into consideration certain access control tags provided but unused by core, that certain contrib modules depend on. This...

7 AI score
Exploits: 0, References: 5
Drupal
added 2019/12/11 12:0 a.m., 1 views

Taxonomy access fix - Moderately critical - Access bypass - SA-CONTRIB-2019-093

This module extends access handling of Drupal Core's Taxonomy module. The module doesn't sufficiently check, if a given entity should be access controlled, defaulting to allowing access even to unpublished Taxonomy Terms. if certain administrative routes should be access controlled, defaulting to...

5.7 AI score
Exploits: 0, References: 9
OSV
added 2019/09/23 6:33 p.m., 20 views

GHSA-RWPR-83G3-96G7 Cross-site scripting in padrino-contrib

The breadcrumbs contributed module through 0.2.0 for Padrino Framework allows XSS via a caption...

6.1 CVSS, 5.9 AI score, 0.0024 EPSS
Exploits: 0, References: 3
CVE
added 2019/09/09 8:46 p.m., 156 views

CVE-2019-16145

CVE-2019-16145 affects the padrino-contrib breadcrumbs module (up to version 0.2.0) used with Padrino Framework. The root cause is an XSS in the caption parameter of breadcrumbs.rb that is not properly escaped, allowing script injection. This can enable an attacker to steal session tokens or perf...

6.1 CVSS, 5.9 AI score, 0.0024 EPSS
Exploits: 0, References: 1, Affected Software: 1
Drupal
added 2010/03/09 12:0 a.m., 3 views

SA-CONTRIB-2010-025 - TinyMCE - Cross Site Scripting (XSS)

The TinyMCE module provides a "WYSIWYG" tool for entering rich text into various parts of a site. The TinyMCE module displayed text entered by an admin without filtering that text leading to a Cross Site Scripting XSS vulnerability. XSS vulnerabilities may expose site administrative accounts whic...

5.4 AI score
Exploits: 0, References: 4